One missed deadline ends a career. caseclaw makes sure it never happens. Point it at a matter and it auto-calculates every filing deadline from 600+ court rule sets. Throw a new client name at it and it checks conflicts against your entire case history in under a second. Start typing and it's already timing your work in six-minute increments. No browser tabs. No clunky SaaS dashboards. No $500/seat enterprise contracts. Just one command and the peace of mind that nothing is slipping through.
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: caseclaw Version: 1.0.0 The skill bundle is benign. It provides a clear description and installation instructions for a command-line tool named `caseclaw` designed for legal professionals. The `SKILL.md` content transparently outlines the tool's functionalities, which include file system access (e.g., checking PDF compliance) and network communication (e.g., email alerts, API calls for Pro features), all of which are necessary for its stated purpose. There is no evidence of malicious intent, obfuscation, data exfiltration instructions, or prompt injection attempts against the AI agent within the `_meta.json` or `SKILL.md` files. The installation method via `brew` is standard and points to a plausible tap (`legal-tools/tap/caseclaw`).
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive legal matter history could be stored, reused, exported, or exposed more broadly than expected.
The skill appears to build or query a broad matter-history index containing sensitive legal client, party, witness, and case information, but the artifact does not state storage location, retention, exclusions, access controls, or whether data leaves the local machine.
Throw a new client name at it and it checks conflicts against your entire case history in under a second. ... `caseclaw conflict search "Acme"` — Search across all matters
Before using it with real matters, verify whether conflict data stays local, how it is encrypted, how to delete/export it, and how to limit which matters are indexed.
The tool may monitor activity or maintain background state beyond a single explicit command, potentially capturing sensitive work context or billing activity unexpectedly.
The wording suggests persistent or automatic activity and work/time monitoring, but the artifact does not explain what background process runs, when tracking starts or stops, what is recorded, or how users can disable it.
caseclaw is the command center that sits in your terminal and guards against all three—silently, ruthlessly, around the clock. ... Start typing and it's already timing your work in six-minute increments.
Look for clear documentation on background services, time-tracking controls, local data storage, and an uninstall/disable process before installing.
Calendar, Slack, email, or caseclaw account permissions could expose or modify sensitive legal workflow information if overly broad.
The skill uses account authentication and optional third-party integrations. Those are purpose-aligned, but the artifacts do not describe OAuth scopes, token storage, revocation, or exactly what calendar/Slack/email data can be accessed or modified.
`caseclaw auth login` # Authenticate (free account) ... `caseclaw deadline alerts --slack #deadlines` — Slack notifications ... `caseclaw deadline alerts --calendar` — Sync to Google/Outlook
Use least-privileged accounts, review requested OAuth scopes carefully, and confirm how tokens can be revoked.
An incorrect command could mark a deadline complete, add inaccurate conflict data, or sync wrong dates to a calendar.
The documented CLI can mutate legal deadline status, conflict records, and calendar/alert integrations. These are central to the purpose, but mistakes could have serious legal workflow consequences.
`caseclaw deadline done --id DL-0042` — Mark complete ... `caseclaw conflict add --entity "Acme Corp" --matter "2024-001" --role plaintiff` ... `caseclaw deadline alerts --calendar` — Sync to Google/Outlook
Require explicit user confirmation before mutations, keep backups/audit logs, and independently verify legal deadlines before relying on generated dates.
Users may trust calculated deadlines or conflict checks without independent legal review, increasing the impact of any tool error or outdated rule data.
The skill makes absolute safety claims for legal malpractice prevention, which can encourage over-reliance on automated deadline calculations in a high-stakes domain.
**One missed deadline ends a career. caseclaw makes sure it never happens.** ... caseclaw makes it impossible. ... the peace of mind that nothing is slipping through.
Treat the tool as an assistant, not a guarantee; require attorney review and documented verification of deadlines and conflicts.
The security review cannot confirm what the installed binary actually does with legal data or credentials.
The skill relies on an external Homebrew-installed binary, and the artifact set contains no code for that binary. This is a normal installation pattern for a CLI skill, but review visibility is limited.
brew | formula: legal-tools/tap/caseclaw | creates binaries: caseclaw
Install only from a trusted tap, verify the package source/signature where possible, and review the upstream repository before using real client data.